[X2Go-User] Session resume fails with AFS home directories
Sebastian Flothow
sebastian.flothow at gip.com
Mon Sep 16 16:17:31 CEST 2013
I did some further testing, and the resume failures are indeed due to
missing AFS tokens. When suspending a session, the SSH connection is
closed, sshd will call pam_close_session(), which means that pam_krb5
and pam_afs_session will delete the user's ticket/token (resp.). The
session therefore loses access to the home directory and appears to
freeze up, preventing it from being resumed.
Both pam_krb5 and pam_afs_session accept retain_after_close as a
parameter, which disables the delete-on-close behavior. With this
parameter set, it becomes possible to resume sessions, unless the AFS
token has expired.
This solves at least the case where the user reconnects quickly (eg.
after a short network outage), but it still means sessions will become
unresumable when left unused for a few days. I guess the only way to
avoid this is to not store session data in the home directory. Can X2go
be configured such that it uses eg. /tmp or /var/lib for this purpose?
More information about the x2go-user
mailing list